On March 5, 2026, BC.GAME announced that a hacker exploited a vulnerability in a third party game and stole $4,326,700. The platform is offering a $500,000 bounty for any leads on the attacker.
The hacker’s wallet was identified almost immediately. EyeOnChain tracked $1.7 million USDC flowing from the attacker into Hyperliquid, where they opened a 15,457 ETH short position worth ~$31 million. ETH moved against them. Within 20 hours, partial liquidations wiped the balance down to $171,178. Roughly $1.53 million of the stolen funds gone on a single leveraged bet.
Community investigators then connected the same wallet to previous Hyperliquid blowups totalling over $65 million in losses.
Below is everything we know: what BC.GAME confirmed, where the money went, who the attacker may be, and what players should do now.
What BC.GAME Confirmed on March 5, 2026
BC.GAME’s official statement on X revealed the following details about the incident.
| Detail | Confirmed Information |
|---|---|
| Amount stolen | $4,326,700 |
| Attack vector | Vulnerability in a third party game |
| Bounty offered | $500,000 USD for any leads |
| Hacker’s HYPE invite code | MMREFCSI |
| Hacker wallet | 0xA5e4F8141Cb2759CeA58F28cF2d0AB21b98580cA |
| Platform status | Operational. No reported impact on player funds. |
Here is BC.GAME’s full statement:
This address belongs to a hacker,the funds used are illegal proceeds stolen from https://t.co/75wFXJL2Zp!!
The hacker exploited a vulnerability in a third-party game and illegally profited $4,326,700 from BCGAME.
BCGAME is now offering a global bounty to all players worldwide… https://t.co/U8DiVj14G0
— BC.GAME (@bcgame) March 5, 2026
The exploit targeted a third party game, not BC.GAME’s core platform or wallet infrastructure. This is an important distinction. BC.GAME hosts over 10,000 titles from hundreds of external game providers. These third party integrations carry their own code and their own attack surface.
BC.GAME did not specify which game or provider was compromised. The HYPE invite code MMREFCSI suggests the attacker had an active account on the platform and was using Hyperliquid’s referral system, which may help investigators trace the identity further.
The $500,000 bounty is open to all players worldwide. At the time of writing, BC.GAME has not announced any withdrawal pauses, account freezes, or changes to its deposit and withdrawal processing.
Context: A $500,000 bounty on a $4.3 million theft represents roughly 11.5% of the stolen amount. For comparison, Poly Network offered $500K on a $600M hack (0.08%) and GMX offered $5M on a $40M exploit (12.5%). BC.GAME’s bounty ratio is in line with recent industry precedents.
The speed of BC.GAME’s public response is notable. The platform identified the wallet, disclosed the exact dollar amount, and posted the bounty within hours. Whether this leads to recovery depends largely on on chain investigators and whether the hacker’s operational security holds up under scrutiny.
Based on what community analysts have already uncovered, it may not.
How the Hacker Lost $1.53M of the Stolen Funds on Hyperliquid
Hours after the exploit, blockchain analyst EyeOnChain flagged the attacker’s wallet moving aggressively on Hyperliquid. The on chain data tells a clear story.
This one escalated very fast 🥶.
Wallet 0xA5e4F8141Cb2759CeA58F28cF2d0AB21b98580cA came in heavy about 19 hours ago, receiving 1.7M USDC and going straight into a massive short — 15,457 $ETH , roughly a $31M position.
Big size and Clear conviction. But #ETH didn’t cooperate.… pic.twitter.com/qNJv3vi4ri
— EyeOnChain (@EyeOnChain) March 4, 2026
The attacker deposited $1.7 million USDC via a cross account transfer and immediately opened a massive short position on Ethereum. The bet was simple: ETH goes down, hacker profits. ETH went up instead.
The Position Breakdown
| Detail | Data |
|---|---|
| Initial deposit | $1,700,196.02 USDC |
| Position type | Short ETH |
| Position size | 15,457 ETH (~$31 million notional) |
| Leverage | ~18x |
| Final balance | $171,178.95 USDC |
| Total lost on the trade | ~$1,529,000 |
| Time to liquidation | Under 20 hours |
How the Position Collapsed
ETH price pushed higher after the short was opened. The position started taking partial liquidations almost immediately. On chain records show at least 9 separate close/decrease events within a two hour window.
- 2,500 ETH closed (Close Short + Close All)
- 2,500 ETH decreased
- 1,400 ETH decreased
- 1,600 ETH partially liquidated
- 4 further decreases of 1,000 ETH each
- 1,588.477 ETH and 1,250 ETH final decreases
The withdrawal record confirms the damage. The account started with a $1,700,196.02 cross account transfer and ended with a single $171,178.95 withdrawal. That is a 90% loss in under a day.
The irony: The hacker stole $4.3 million by exploiting a game. Then immediately gambled $1.7 million of it on a leveraged ETH short and lost almost everything. The stolen funds are now split between whatever remains in other wallets and roughly $171K the attacker managed to withdraw from Hyperliquid.
EyeOnChain’s post tracking this wallet received over 215,000 views within hours. The visibility of the trade makes it significantly harder for the attacker to move the remaining funds without being flagged by exchanges, on chain trackers, and law enforcement.
This was not the attacker’s first time making reckless bets on Hyperliquid. And the pattern is what ultimately may identify them.
The On Chain Trail: Connecting the Hacker to Previous Incidents
Within hours of BC.GAME’s announcement, crypto investigator SomaXBT posted on X linking the attacker’s wallet to a pattern of high leverage blowups on Hyperliquid dating back to November 2025. The connections suggest this is not a first time exploit.
November 2025: The $60M ZEC Short Liquidation
Arkham Intelligence tracked a whale controlling three separate Hyperliquid accounts, each shorting $20 million of Zcash (ZEC) simultaneously. Total exposure: $60 million. ZEC rallied instead. All three accounts were fully liquidated, resulting in a $5.5 million loss.
Arkham confirmed all three accounts belonged to the same individual.
November 2025: The $7M BTC and XRP Short
SomaXBT also flagged a second connection. Earlier that same month, on chain analyst Elon Xusk (@GateioTP) had identified a newly created wallet that deposited $7 million USDC into Hyperliquid and opened 20x short positions on both BTC and XRP.
| Position | Size | Notional Value |
|---|---|---|
| BTC Short (20x) | 1,129 BTC | $116 million |
| XRP Short (20x) | 8,888,888 XRP | $20.35 million |
The analyst identified the wallet owner as a high stakes gambler with accounts on Roobet and Stake.com.
March 2025: ZachXBT Identifies a Convicted Cybercriminal
The most significant connection comes from an earlier investigation by ZachXBT, the most prominent on chain detective in crypto. In March 2025, ZachXBT published a thread identifying a mysterious Hyperliquid whale as William Parker (formerly known as Alistair Packover), a British national convicted and sentenced in Finland in 2024 for stealing nearly $1 million from two online casinos.
ZachXBT’s investigation found that the wallet cluster was tied to accounts on multiple platforms.
- BC.GAME
- Roobet
- MetaWin
- Gamdom
- Shuffle
- Binance
- ChangeNOW
- Alphapo
ZachXBT also found that one address in the cluster had received funds from a phishing operation. His conclusion was blunt: this was not a sophisticated trader. It was a cybercriminal gambling with stolen funds.
The Pattern
| Date | Incident | Amount | Result |
|---|---|---|---|
| March 2025 | ZachXBT identifies wallet cluster as William Parker | $20M+ in leveraged trades | Convicted cybercriminal exposed |
| November 2025 | $7M BTC/XRP short on Hyperliquid | $136M notional exposure | High stakes gambler flagged |
| November 2025 | $60M ZEC short across 3 Hyperliquid accounts | $60M | Fully liquidated. $5.5M lost. |
| March 2026 | BC.GAME exploit + ETH short on Hyperliquid | $4.3M stolen, $31M short | 90% of shorted funds lost |
Important caveat: SomaXBT’s links are based on on chain pattern matching and behavioural similarities. There is no confirmed public statement from law enforcement or BC.GAME directly naming William Parker as the attacker. The connections are strong but should be treated as alleged until officially confirmed.
What is clear is this: the individual behind the BC.GAME exploit follows a consistent pattern. Steal funds. Move them to Hyperliquid. Open reckless leveraged positions. Lose most of it. That pattern of behaviour is exactly what makes on chain investigators confident these incidents are connected.
Is BC.GAME Safe? What Players Need to Know
This is the question every BC.GAME player is asking right now. The short answer: player wallets and deposits were not compromised. The exploit targeted a third party game, not BC.GAME’s core infrastructure. But context matters, so here is how this incident compares to other major crypto casino hacks.
How BC.GAME’s Hack Compares to Stake.com and MetaWin
| Incident | Amount Stolen | Attack Type | Player Funds Affected? | Recovery |
|---|---|---|---|---|
| Stake.com (Sept 2023) | $41 million | Hot wallet private key compromise | No. Covered from reserves. | None. FBI attributed to North Korea’s Lazarus Group. |
| MetaWin (Nov 2024) | $4 million | Withdrawal system vulnerability | No. CEO reimbursed from personal funds. | Partial. ZachXBT identified 115+ attacker wallets. |
| BC.GAME (March 2026) | $4.3 million | Third party game exploit | No reported impact. | Ongoing. $500K bounty active. |
The key difference here is the attack surface. Stake.com’s hack compromised their own hot wallet private keys. MetaWin’s exploit hit their withdrawal system. BC.GAME’s breach came through an external game provider’s code. That means BC.GAME’s own wallet infrastructure, player balances, and deposit/withdrawal systems were not the point of failure.
That said, BC.GAME is still responsible for the games it hosts. If a third party title has a vulnerability that allows $4.3 million to be extracted, questions about vetting, auditing, and integration security are valid.
BC.GAME’s Security Setup
BC.GAME runs a multi layer security system called BC Shield. Based on our review of the platform, it includes the following protections.
- SSL encryption (256 bit AES) across all traffic
- Two factor authentication via Google Authenticator
- Anti phishing codes for email verification
- Cold storage for the majority of platform funds
- Multi signature wallets for transaction processing
- Behaviour analysis and device checks to flag suspicious activity
BC.GAME’s own original games (Crash, Plinko, Dice, Limbo) use provably fair cryptographic verification. Players can verify each result using server seeds and client seeds. These games were not part of the exploit.
The vulnerability was in a third party title, one of the 10,000+ games BC.GAME hosts from external providers. This is where the risk sits for any large crypto casino. The more games you offer, the larger your third party attack surface becomes.
BC.GAME’s Licensing Situation
BC.GAME currently operates under a licence from the Autonomous Island of Anjouan (Union of Comoros). This replaced its previous Curacao licence after its former operator Blockdance B.V. was declared bankrupt by Curacao courts in late 2024 for failing to pay over $2 million in player winnings.
Anjouan is a less established regulatory jurisdiction than Curacao, Malta, or the UKGC. It does not impose the same compliance requirements or player protection standards. This does not mean BC.GAME is unsafe, but players should understand the regulatory framework they are operating under.
Our position: Based on the available evidence, this exploit was a third party game vulnerability, not a failure of BC.GAME’s core security. Player funds do not appear to have been affected. However, any platform hosting thousands of external games carries inherent third party risk. We will update this article as new information becomes available.
What This Means for BC.GAME Players
If you have an active BC.GAME account, there are a few practical steps worth taking right now.
Immediate Actions
- 1Enable 2FA if you haven't already. Go to your BC.GAME security settings and activate Google Authenticator. This protects your account even if your password is compromised.
- 2Check your balance and transaction history. BC.GAME has stated player funds were not affected, but verify for yourself. If anything looks off, contact support immediately.
- 3Set up your anti phishing code. This adds a custom phrase to every official BC.GAME email, so you can spot fake messages. Expect phishing attempts to spike after any publicised hack.
- 4Don't keep more on site than you need. This applies to every crypto casino, not just BC.GAME. Withdraw to your own wallet when you're not actively playing.
Should You Still Play at BC.GAME?
That depends on your risk tolerance. Here is what the evidence says.
The exploit hit a third party game, not BC.GAME’s wallet or payment systems. Player deposits and withdrawals are processing normally. BC.GAME responded publicly within hours, disclosed the exact amount, identified the wallet, and posted a $500,000 bounty. That level of transparency is better than what most platforms deliver after a security incident.
On the other side, BC.GAME has not named the compromised game or provider. They operate under an Anjouan licence, which offers less regulatory oversight than Curacao or Malta. And the fact that a third party integration allowed $4.3 million to be extracted raises questions about how games are vetted before being added to the platform.
For players who want to continue using BC.GAME, our BC.GAME bonus code page has the latest available offers and sign up details.
What Happens Next
This story is still developing. The key things to watch for are:
- Whether BC.GAME identifies the specific game and provider that was exploited
- Whether on chain investigators (ZachXBT, Arkham, PeckShield) formally link the wallet to a known individual
- Whether any funds are recovered through the bounty programme or exchange freezes
- Whether BC.GAME announces changes to its third party game auditing process
We will update this article as new details emerge. If you have information related to the hack, BC.GAME’s bounty is open globally through their official X account @bcgame.
